Provides a concise guide to maintaining secure systems in the Solaris environment. Covers standalone and networked systems running Solaris and presents a special section on disaster preparation and recovery operations. Softcover. DLC: Computer security.
"synopsis" may belong to another edition of this title.
PrefaceWho Should Read This Book
Solaris Security has two audiences — IS/IT and security managers and UNIX administrators.
The content for IS/IT and security managers appears primarily in
Chapter 1, "The Security Problem"
Chapter 2, "The Security Paradigm"
Chapter 10, "Network/System Architecture"
Chapter 16, "System Recovery Preparation"
The remaining chapters in the book are primarily technical and written for the UNIX administrator. However, any IS/IT or security manager who needs to learn more about UNIX technology (in the security context) will find all of the technical chapters easy to read. Most chapters open with "What's in this chapter" and "Why this is important" sections. This allows you to choose whether any particular chapter needs immediate attention or whether it can or should be considered in the future.A Quick Look at the Contents
This book discusses the physical, logical, and human-factor aspects of computer and network security in the specific context of Solaris 2.x and Solaris 7 running on Sun Microsystems computers. There are five parts.
Introduction. The computer security problem is dramatically illustrated in chapter 1, "The Security Problem." Chapter 2, "The Security Paradigm," is a principle-based prescription recommended for use by all UNIX administrators, but also applicable to those managing computers of other vintages.
The standalone system. This part focuses on the computer itself and covers all aspects of security. Regardless of whether or not it is connected to a network, every system is also a standalone system. Chapter 3, "PROM, OpenBoot, and Physical Security," covers one of the least-known vulnerabilities of a Solaris system, as well as practical means for securing a Sun on a desktop or in a data center. Chapter 4, "The Filesystem," is a comprehensive review of file and directory security, and includes sections on filesystem auditing tools and suggestions for UNIX administrators. Everything about user accounts is discussed in chapter 5, "User Accounts and Environments." The intricacies of system booting are covered in Chapter 6, "System Startup and Shutdown." Chapter 7, "cron and at," and chapter 8, "System Logs," provide a thorough look at those respective areas.
The network-connected system. This part of the book is dedicated to the role and place of a Sun system on a network. Most severe vulnerabilities of a system are related to its being connected to a network. Chapter 9, "Network Interfaces and Services," discusses the logical attachment of Sun systems to the network and its vulnerable services. The principles of network and system architecture are covered in chapter 10, "Network/System Architecture." "Electronic Mail" is the topic of chapter 11. Chapter 12 reveals vulnerabilities with printing. Chapter 13, "Network Access Control," describes the best means for controlling access to a system via the network. DNS, NIS, and NIS+ are discussed in chapter 14, "Name Services." Chapter 15, "NFS and the Automounter," dissects these services and offers ways of improving their security.
Disaster and recovery. Disasters, whether caused by human error, malice, or natural events, will occur. Chapter 16, "System Recovery Preparation," gives a detailed look at the measures to be taken before a disaster strikes to ensure a rapid, accurate, and complete recovery.
Appendices. Appendix A, "Online Sources for Security Information," is a thorough review of web sites, FTP sites, and mailing lists. Likewise, a comprehensive list of security tool sources is found in appendix B, "Online Sources for Public-Domain Security Tools." Complete information on Solaris patches is found in appendix C, "Obtaining and Applying Solaris Patches." Appendix D, "Suggested Reading," refers the reader to online and in-print publications of further interest. Sun's Solaris security products are discussed in appendix E. The steps required to implement and manage C2 security are found in appendix F. Appendix G explains how to verify the integrity of public-domain software. A glossary of attacks appears in appendix H. Appendix I is a secure system checklist.Technical Prerequisites for the Practitioner
Solaris Security is written for the intermediate to advanced UNIX administrator who needs a thorough understanding of the Solaris operating system from a security perspective. If you are a technical reader, you should have the following tools and experience:
A C compiler — either one furnished by Sun or the Gnu C compiler. This is because most public-domain tools are packaged in source form only and require compilation.
Some experience with building public-domain tools on a UNIX system. This is not as critical a requirement as it was during UNIX's first decade, when public-domain tools were not as portable, where they required a lot of modification before they would compile (much less work properly). Further, advances in the configuration tools that accompany most public-domain packages permit those with little or no experience with the C language to get even the most complex public-domain tools up and running.Conventions Used in This BookCommands and Filenames
I emphasize commands and filenames within paragraphs with italics. For example, the file /etc/passwd contains system password information. The trap command is used to prevent premature exit.
Commands and filenames outside of paragraphs are set in Courier font; for example
share -F NFS -o rw=homeusers -d "Home Directories" /export/home
Portions of commands indicating syntax (vs. the actual intended content) are set in italics, as follows.
share -F FStype -o options -d description path
In the example above, FStype, options, description, and path are to be replaced with actual values appropriate in practice (I will always point this out in the text where such examples occur in the book).File Contents and Scripts
Shell scripts and the contents of computer files are set apart from paragraphs and are set in Courier font. The following example user's .profile file illustrates.# .profile file for application userstrap exit 1 2 3 15PATH=/export/app/binexec /export/app/bin/applicationexit
A sample /etc/default/passwd file appears as follows.#ident "@(#)passwd.dfl 1.3 92/07/14 SMI"MAXWEEKS=4MINWEEKS=1WARNWEEKS=3PASSLENGTH=6Computer Sessions
Examples of sessions with the computer are set apart from paragraphs and set in Courier font. Input from the user is underlined to distinguish it from computer output. An example session follows.% iduid=1001(jim) gid=101(users)% su bobPassword: ********% iduid=1004(bob) gid=102(cust)% lp -d localprinter /home/bob/eom.prtrequest-id is localprinter-87 (1 file(s))%
Also note from this example that the user-entered password is represented by a string of underlined asterisks. In reality, Solaris does not echo any actual characters typed when a user enters a password; the underlined asterisks signify a user entering non-echoed text.
Note: Some commands include the underscore (_) character, which is obscured in underlined text. Commands with underscores are not underlined in this book, and all such examples are footnoted. An example command with an underscore follows.# ndd -set /dev/ip ip_forwarding 0Cautions and Warnings
Special notes and cautions are set apart, like this.
Caution: /usr/bin/su has the SetUID bit turned on. Su will no longer work if this bit is turned off.Sources for Information
This book references several information sources. Each chapter ends with a section entitled "Where to Go for Additional Information" in which one or more of the following types of references are cited.
AnswerBook. This is an online reference provided by Sun and included with the Solaris 2.x release media. AnswerBook employs hyperlinks to give you the ability to quickly retrieve documents referenced within other documents. Any user can start a local AnswerBook session with the answerbook (Sun's proprietary browser that predates Web technology) or answerbook2 (Web browser interface) command.
Man pages. This is the original UNIX command reference, useful if you know the command or file name you wish to learn more about.
Note: Man page references in this book contain the man page section number to help differentiate those instances where an entry appears in more than one section. For example, when the passwd man page is cited, it may appear as "passwd(1M)" (the passwd command) or "passwd(4)" (the passwd file). To call up the "passwd(1M)" man page, enter the command man -s 1M passwd. To call up the "passwd(4)" man page, enter the command man -s 4 passwd.
docs.sun.SunSolve. This is an information service made available to Sun customers on current maintenance or support contracts.A userid and password are required to use this site.
Web sites. These are organizations or collections of information useful for the security specialist.
Publications. This ranges from paper to electronic magazines, books, and articles.Security Remedies and Public-Domain Software
This book illustrates security weaknesses in the Solaris operating system and proposes remedies for those weaknesses. Remedies take the form of
SysteFrom the Back Cover:
At last, a security book just for Solaris and UNIX(r) system administrators. Learn the specifics for making your system secure, whether it's an organization-wide network or a standalone workstation. Expert author Peter Gregory has managed security for everything from top-secret corporate research facilities to casinos. Take advantage of his experience to build a secure, reliable system of your own.
Solaris Security looks at the physical, logical, and human factors that affect security, including:
A special section shows you how to plan for the inevitable disasters so you can recover your data quickly and accurately without compromising security. References to books, journals, and online resources will help you keep up with the latest innovations.
Every chapter opens with a checklist of key topics and their significance, so you can quickly find the information you need. Whether you are a security manager, Information Technology/Systems manager or a network administrator, Solaris(tm) Security is the single resource to answer all your questions and get your systems in shape now and for the future.
"About this title" may belong to another edition of this title.
Book Description Prentice Hall PTR, 1999. Paperback. Book Condition: New. 1st. Bookseller Inventory # DADAX0130960535
Book Description Prentice Hall PTR, 1999. Paperback. Book Condition: New. book. Bookseller Inventory # 0130960535
Book Description Prentice Hall PTR, 1999. Paperback. Book Condition: New. New item. Bookseller Inventory # QX-005-53-2027102
Book Description Book Condition: Brand New. Book Condition: Brand New. Bookseller Inventory # 97801309605351.0
Book Description Prentice-Hall. Book Condition: New. pp. 290. Bookseller Inventory # 5268874